August 2019


By Natrajh Ramakrishna
Chartered Accountant
1.1     This article deals with some of the complex
issues relating to the auditor’s role and responsibilities relating to
financial reporting in the context of fraud and business failures and the
provisions of the Companies Act, 2013 that pertain to the removal and barring
of auditors, including firms for failure to report material misstatements
arising out of the above.


The integrity of
financial statements is important because millions of stakeholders rely on them
for decision-making. Unreliable financial reporting has serious implications;
they lead to financial losses, loss of jobs and, most importantly, they shatter
investor confidence. The law is settled: it is the primary responsibility of
management to maintain proper books of accounts and build an effective governance framework,
including internal financial controls. However, external auditors provide the
most critical link between the company and its stakeholders. They are appointed
by the members, vested with powers specified under law and they report directly
to the members. They have access to the company’s records, systems and
processes, all the key members of management who are charged with governance:
the board, the audit committee, and all relevant management; they evaluate all
significant and other accounting policies; in essence, they do all the work
that is necessary for expressing the opinion of “true and fair” on the
financial statements.


1.2     The Ministry of Corporate Affairs (MCA)
recently launched prosecution against several auditor firms (‘current and
former’) for their alleged role in “perpetuating the fraud” in a leading
financial services and infrastructure company, a matter that has been widely reported
in the media. The MCA moved the National Company Law Tribunal (NCLT) for
debarment of these audit firms and their audit partners. It sought interim
attachment of their properties, including bank accounts and lockers.


1.3 In this context,
the ICAI Regulations provide for various actions against an individual member
for professional misconduct arising from not discharging professional
responsibilities in the manner as required. In the matter of disciplinary
action in the Satyam case, the Institute of Chartered Accountants of India
(ICAI), in an e-mailed statement, had told PTI that it has no powers to take
disciplinary action against chartered accountant firms and that a request that
was sent to the government in this regard in 2010 was yet to be acted upon… status
remains even as on date. This article examines some of the complex
issues relating to the banning of auditors, this being a complex and
exceptional event. The aspects relating to the legality and powers, etc., of
the various regulatory bodies in this specific context are clearly beyond the
scope of this article.


1.4 The present law
for the removal of auditors is contained in sections 140(5) and 143(12) of the
Companies Act, 2013, which sections we shall examine in detail because of the
wide import of these sections and the manner in which these are currently being
interpreted in terms of what actions can be (and need to be) taken against
individual engagement team members, the practice and the firm. We shall also
examine the impact that these developments will have on several contentious
issues such as, for example, the detection and reporting on fraud and business
failures during the course of audit and the consequences of failure to
report on these matters specifically, on the engagement partner and team
members and the firm… and the profession. The MCA claims that invoking section
140(5) of the Companies Act in the case would allow debarring an audit firm for
at least five years; the validity of these claims is being evaluated by the


1.5 The asymmetry
between the auditor’s role in the detection and reporting for risks of fraud
and business failures and stakeholders’ expectations is widening. In this
environment, regulators and shareholders seeking action against auditors for
not adequately addressing the risks that lead to these failures… trying to
find audit failures behind every business failure needs to be addressed.

Stakeholders, particularly the Regulators and shareholders, expect the auditors
to be vigilant and address the risk of business failures and fraudulent
practices through better audit procedures and communication. Auditors are no
longer perceived as “assurers” but as professionals who, by virtue of the role
they play and the position in which they are placed, are considered a critical
line of defense and are considered responsible for addressing the twin risks of
business failure and fraudulent conduct of managements.
The aspect of audit
failures is also a harsh reality and regulators in other countries… particularly
the UK and US are concerned about these audit failures, looking at serious
action and reforms in the auditing market.




2.1 The recent
example of business failures of large companies has clearly brought into focus
what the responsibilities of auditors are to address the related potential and
inherent risks and “red flags,” in
their audit approach, audit tests and communications with those charged with
governance and where required under law, escalating to the regulatory
authorities cases of fraudulent conduct. Business failures happen due to
diverse reasons: economic downturns, market disruptions, liquidity crises, poor
governance, and even significant acts of fraudulent conduct by management are
factors that can individually or jointly cause businesses to fail. Hundreds of
companies in India have lined up for insolvency under the IBC; losses to
stakeholders run into several thousands of crores of rupees. Similarly, the NPA
crisis in the commercial banking sector is estimated to have caused losses that
run upward of Rs. 7 trillion… the
economy is yet to recover from credit not flowing adequately as a result; NBFCs
as a sector have also come under severe stress, with the risk of mega failures
looming large.


2.2 Regulators and
other stakeholders not only rely on audited statements but also take financial
decisions that impact wealth, savings, investments and taxes. Business failures
and more particularly, those arising due to fraudulent conduct, result in
significant losses to lenders, investors and shareholders. The roles of the
Board, the audit committee, management and auditors are invariably subject to
scrutiny and investigation. The provisions of the law provide for penalties,
imprisonment in case business failures are also on account of governance and
fraudulent conduct. Specifically, section 140(5) of the Companies Act, 2013
provides for removal of the auditor(s) if it is established that the auditor
has either acted in a fraudulent manner or abetted fraud by the company or its
officers. The NCLT’s order also renders the auditor and the firm ineligible for
appointment as auditors of any company for a period of five years. (We shall
deal with the debarring of auditors and firms later).


2.3 Since the
collapse of Enron, there have been several other large failures in the US, the
UK and India. In the UK recently, where there has been a spate of business
failures, regulatory authorities have commented on the failure of audit to
demonstrate adequate scepticism and challenge managements, and on the constant shifting of
blame from one to another. The conclusions were unmistakable: the public and
key stakeholders had become disillusioned with the reliability of audits and
distrustful of the performance of directors. While the Competition Commission,
the Financial Reporting Council and others acknowledged the fact that there
exists an ‘expectations gap’ between what an audit does and what are the
stakeholders’ expectations from audit, the truth was that audits too often fell
short on quality and expectations.


2.4 In India, ever
since Satyam, various stakeholders have urged the need for reform in the
audit market by way of stricter regulations and penalties, and the amendments to
the Companies Act, 2013, the formation of the NFRA and the increasing role of the
SFIO are all steps in that direction.




3.1 Section 140(1)
provides for removal of auditors before the expiry of their term only by
special resolution and approval of the Central Government. There is also a
requirement for the auditor to be heard and to make representation to the CAG
indicating the reasons and provide facts that may be relevant.


3.2 Let us examine the provisions of
Section 140(5)


i. The
provisions of Section 140(5) provide that the NCLT can,
suo motu or based on an application from the Central Government
or a concerned person, direct change of auditors (that is, remove the auditors)
if it is satisfied that the auditor has acted in a fraudulent manner or abetted
or colluded in any fraud by the company or its directors and officers.


ii. The NCLT
passes final order for removal of the auditor (including the firm) and also rendering the auditor (including the
firm) ineligible for appointment as auditor of any company for a period of five
years, including being liable for action and punishment for fraud u/s 447 of
the Act.


3.3 Let us
examine some of the key and relevant implications (of i. and ii. above):


3.3.1 Section
140(5) does not define under what circumstances can the NCLT hold that the
auditor acted in a fraudulent manner or abetted / colluded in any fraud by the
company or its officials.
The words, ‘directly or indirectly’ appear to
qualify and may be interpreted to mean both direct participation or “tacit”
approval to fraudulent behavior by the auditor and fraud by the management.
Situations that can potentially come under the realm of “indirect fraudulent
behavior” or “indirectly abetting or colluding management fraud” could possibly


– absolute, gross
negligence or turning a blind eye to what appears apparent to any reasonable
person (in position as auditor) or what the SEC describes as “reckless conduct”
by the auditor. The serious risk is that gross negligence in evaluating key
inherent risks and absence of internal controls, choosing not to pursue serious
irregularities that came to the auditor’s attention during audit and raised by
audit staff could be perceived as “tacit approval” of fraudulent conduct;

– where it is
established that the auditor was aware of serious and material irregularities
but chose not to discuss, escalate or report to those charged with governance
and to the shareholders and government and instead chose to rely on sham
representations from management;

– agreeing not to
report to shareholders serious risk of defaults in the settlement of material
obligations that could impact the sustainability of the business;

– agreeing to not
deal with serious lapses in governance, internal controls, material frauds
detected by management including non-compliance with certain laws and

– serious conflicts
of interest that result in loss of independence as auditor to express an
opinion of true and fair.


Debarring the firm


To debar a firm would
mean the “direct or indirect” involvement of every partner in the
firm to the fraudulent behavior or the act of conniving to abet or collude with
management. Debarring a firm is not unique to India; the SEC also provides for
suspending license to practice where “reckless behavior” is clearly established
at a firm-wide level. Three illustrative instances are provided to highlight
circumstances under which a firm could run the risk of being debarred:


Where the leadership
of the practice comprising (say) the senior partners, was not only actively
involved on the engagement including managing audit quality, discussions with
management but agreeing to act in a manner clearly demonstrative of “utter
disregard” to discharge professional obligations on the engagement…

say, for example,
agreeing with management to suppress material facts that reveal involvement of
management in serious fraud. In such cases, it would therefore not be necessary
for the NCLT to hold that ‘every partner’ was involved because ‘the firm is
clearly perceived to act in disregard for professional obligations.’


Where the rendering
of non-audit services are significant; even in normal circumstances, auditors
will do well to review all non-audit services that they render to remain free
of the charge of “conflict of interest” and “independence” as these could make
them vulnerable to the risk of complicity in case of failure to detect serious
frauds and other irregularities. In this context, the rendering of non-audit
services that fall under ‘prohibited services’ as defined in section 144 of the
Act can put to risk the entire practice getting debarred in case of charges of
fraudulent behavior, connivance, etc.


Absence of firm-wide
audit methodology, ethics, risk and independence policy because regulators may
perceive the risk of audit failure as systemic and ‘waiting to happen’ any


Complexities relating to a firm-wide ban:


Except as stated in
circumstances in 3.3.2 above, it is only under certain unique circumstances
that an entire firm could be charged with fraudulent behavior or in abetting
and colluding with management. A firm-wide ban means that all partners and
employees (including non-professional employees) are being accused and charged
under the section for fraudulent conduct or for complicity. Where the NCLT
Order has the effect of banning an entire firm for a period of five years, it
has to be established that the entire firm comprising the firm leadership, the
audit partners (not only from the engagement team but also from other teams and
other locations) and the tax and advisory partners in that firm
had all connived with or abetted in the fraudulent activities in the company.
Without a detailed investigation into the affairs of the firm, and its risk
management policies, every correspondence, every mail box, the risk management
policies, the audit methodology… the list is endless! How an authority can
establish beyond all reasonable doubt that the entire firm was involved in
abetting or conniving with management, especially when over a hundred partners
typically work in these large firms in different disciplines and departments
remains a challenge! The provisions appear arbitrary and rigid… this can
only cause serious harm to the entire process of reforms that the Regulators
are working towards.


3.3.4 Learning
from global best practices: How SEC, PCAOB, deal with major audit failures and
suspension of licenses:


Regulations provide for Removal, Suspension, or Debarment of Accounting Firms
or Offices of firms. The rules identify factors the Regulators consider in
determining the appropriate penalty and remedy. Under current regulations
governing practice, the Regulator can remove, suspend, or debar a firm by
naming each member of the firm or office in the order of suspension or
debarment. The Regulations provide that, in considering whether to take action
against a firm and the severity of the sanction against a firm, the Regulator
may assess the gravity, extent of involvement of firm personnel, including the
leadership, scope, or repetition of the act or failure to act; the adequacy of
and adherence to applicable policies, practices, or procedures for the firm’s
conduct of its business and the performance of audit services; the selection,
training, supervision, and conduct of members or employees of the firm involved
in the performance of audit services; the extent to which managing partners or
senior officers of the firm participated, directly or indirectly through
oversight or review, in the act or failure to act; and the extent to which the
firm has, since the occurrence of the act or failure to act, implemented
corrective internal controls to prevent its recurrence. Section 140(5) contains
no such mitigating provisions. None of the regulatory agencies in India,
barring the ICAI, have any mechanism or laid down procedure to examine these
The results can only be arbitrary and harm the profession.


ii. There is no
exhaustive list of factors, and circumstances may present other facts that the
Regulator will take into account in determining whether to take an action
against a firm. The Regulators anticipate that there may be circumstances in
which it will not be appropriate to remove, suspend, or debar an entire firm,
but that action should be taken against a particular office or specific offices
of the firm. The Regulator would hold hearings on removals, suspensions, and
debarments under rules that are consistent with the relevant Rules of Practice
and Procedure, which provide, among other things, for written notice to the
respondent of the intended action and the opportunity for a public hearing
before an appropriate judge. Reckless and ‘disreputable conduct’ including,
mainly, aiding and abetting violations of specified laws and the reckless
provision of false or misleading information, or reckless participation in the
provision of false or misleading information also may lead to removal,
suspension, or debarment of firms. The most important point is, except in a
case where the continuance of a firm could cause irreparable damage to the
Regulatory environment because of extreme and reckless behaviour, it was felt
that an immediate suspension would not stand up to any legal scrutiny.


iii. The provisions
of Section 140(5) appear limited in scope in terms of dealing with the removal
of auditors for fraudulent conduct and connivance and not with past cases of
audit failures. The Companies Act also appears clearly ill-equipped to
prescribe elaborate procedures for determining professional misconduct of the nature
described in Section 140(5).
An independent agency will need to be set up
on the lines of the PCAOB to inspect firms (public interest entity audits may
be taken up) on quality, risk and independence. That agency will frame
regulations on various aspects of audit so that there is a comprehensive and
professional basis for evaluating firms on risk, independence and quality…
Section 140(5) cannot be used as a ‘lone wolf’ provision to penalise and debar
auditors. The Regulators cannot step in only to penalise auditors; they have a
more constructive role to play for the development and sustenance of the


iv. The US and the
UK have framed regulations on similar lines that deal specifically with removal
and debarring of auditors. But, these are all based on a comprehensive
framework and procedures to proactively deal with audit risk and quality.
Section 140(5) needs to be backed by a similar structure before enacting laws
for removal and debarring of auditors. The PCAOB and its equivalent in the UK
have therefore been effective in identifying audit failures, and disciplinary
actions taken by regulators against firms including the Big Four act as a
deterrent for reckless audit. Firms and partners are penalised and there is a
specific plan that is laid down by the regulator for the audit firm to
implement. These form the basis for the regulator to conclude whether auditors
indulge in repeated wrongful behaviour… to conclude whether the firm needs to
be considered for debarment. Matters are referred to a judicial authority to
decide on the case. These processes and procedures are designed to ensure that
the regulators and auditors work together and play an important role in the
improvement of the financial markets and the financial reporting process.


v. The current
scenario where several investigative agencies investigate and interrogate
auditors on the same issues is gross and counter-productive because they have
otherwise no role to play in the development of the profession. The SEC and the
PCAOB in the US and the FRC in the UK are known to be extremely methodical in
their approach but, their credibility arises on account of their deep knowledge
of all aspects of the financial reporting process and also, their role in
developing auditing standards, building audit quality and risk management.


3.3.5 Section
447 and the “intent to deceive”


i. Section 447 of the Act defines ‘Fraud’ to
include any act, omission, concealment of any fact or abuse of position
committed by any person by himself or by connivance with an ‘intent to deceive.’ This imposes a challenge
because the auditor does not have the benefit of scrutinising and identifying
fraudulent financial transactions in the books because ‘intent to defraud’
would in most cases reflect in the financial books at some future date.


ii. The start point
for an auditor would be a detailed evaluation of the key inherent risks, based
on a deep understanding of the business, the overall control environment and
the company’s history of internal control failures, manifestation of business
risks and incidence of frauds.


iii. Detailed
consultation with those charged with governance is necessary; the primary
responsibility for maintaining internal financial controls and books of
accounts that are free of material misstatements is that of management. The
auditor will need to discuss the risk of fraud with the audit committee and the
internal auditors because they are best placed to discuss “red flags” in
the system.


iv. In all this, it
is extremely important for the auditor to remain compliant with the mandatory
accounting standards and the standards on auditing.


3.3.6 Business
failure and fraudulent reporting


i. Businesses fail due to a myriad of reasons ranging from economic
downturns, liquidity crisis in the markets, project failures not within the
control of the business, market disruptions, and internal factors such as poor
quality of leadership, serious governance failures including frauds, diversion
of funds for other than agreed upon end use, etc.


ii. To understand
the asymmetry on the expectations between auditors and stakeholders on business
failures, let us examine these situations:


(a) It is common and an inherent risk for a company which is in the
business of infrastructure, of a future asset-liability mismatch arising on
account of a project that is not getting completed for reasons beyond the
control of management. Loan instruments with a repayment schedule of more than
ten years are few and involve complexities because they are mostly
quasi-equity, lenders are inherently averse to fund long term, etc. There is a
continuing risk of the project getting delayed, resulting in a serious
asset-liability mismatch. A delay can seriously weaken the company’s
ability to service debt on the due dates in the
matter of a single quarter, leaving the auditor with an extremely small window
to call out the risk of not honouring a payment on the due date.
“Round-Tripping” is therefore a common occurrence in the financial sector and
is ordinarily not associated with a collapse. It is common practice for lenders
to “roll-over” loan instalments that fall due for payment and the parties enter
into an arrangement to pay at a later pre-determined date where the borrower
pays a few days after the due date. The lenders also understand that these are
“acceptable aberrations” that occur
because of temporary mismatch in cash flows… all is accepted because of the
knowledge that the borrower is not a “fly-by-night” operator. But recent
examples prove that a single case of “round-tripping” can cause a series of


(b) The auditors
would have, in the course of audit, examined and documented the risk of such
aberrations as “moderate” because of the overall solvency and profits. Also,
past record of payments on due dates would have resulted in the risk being
classified as “moderate”. In a case where the default happens on a
date subsequent to the balance sheet date but only a few days before audit sign
off and the lender communicates his unwillingness to “roll over,” there could
be a serious crisis and a chain reaction where no lender trusts the ability of
the business to honour its debts on due dates. The classification of audit risk
as “moderate” could become suddenly a matter of “suspect judgement.”

(c) Due to the
adoption of fair value accounting, the
carrying value of a project may undergo a significant downward revision on
account of impairment close to balance sheet date. Estimates and year-end
valuations continue to pose the biggest challenge to auditors and more so in a
case where the business failure results in a roving inquiry into the entire
gamut of governance. Post IFRS and Ind-AS implementation and the use of
fair values, the “cushion” that was available in historical cost regime no
longer exists. Regulators and other stakeholders need to accept the fact that
these errors in estimates are inherent to the adoption of fair value


3.3.7 The
challenges of Holding Subsidiary company relationships:


i. In India, the
auditing standards require the auditors of the consolidating entity to rely on
the work of the component auditor without having to review all of the work
papers of the subsidiaries. The Companies Act 2013 provides the consolidating
auditors access to the work papers of all the component auditors.


ii. However, SEBI plans
to make it mandatory for auditors of parent companies to review the work of all
the auditors of subsidiary companies before being approved by the board. This
possibly arises on account of the crisis at IL&FS where Regulators believe
that auditors of the parent companies were not familiar with the processes and
risks at the subsidiary level, resulting in various irregularities including,
mainly, the misuse of funds transfers and “ever-greening” of loans at the
subsidiaries’ level.


iii. The
traditional view that each company is an independent legal entity is being
challenged by authorities all over the world because of certain specific
The Holding Company invariably exercises significant control over
all major board decisions at the subsidiary level by controlling the board
composition, centralised operating decisions such as purchases, funding,
significant transactions between the parent and the subsidiaries, common
statutory and internal auditors and policies on risk, ethics and compliance. Given
all these inter-dependencies, it is very difficult to hold that the subsidiary
boards and management are independent and responsible for their
governance-related matters. As a result, members on the board of a holding
company are no longer insulated against charges of governance failures at the
subsidiary level. The same holds good for auditors of the holding company: in
most instances, almost all the material subsidiary accounts are audited by
them, they circulate detailed audit instructions and in a few cases, almost all
significant audit matters are discussed by them with the component auditors of
the material subsidiaries, their audit committees and respective boards.


iv. The SEBI
believes that parent company auditors cannot be merely “consolidating” without
an understanding of the key audit risks and significant audit matters by the
respective component auditors and, how they have been discussed and dealt with
in the auditors’ reports.


v. Parent company
auditors will therefore need to extend their involvement to obtain detailed
understanding of all key matters including key risks identified during audit
planning meetings and how the audit tests were designed to deal with these
risks including the risk of fraud and internal control weaknesses.




We shall deal with
the three top level changes that auditors must make in their audit
strategy to address the heightened level of risk of frauds and business
failures and the litigative environment that exists. These are in addition to
the audit tests prescribed in the standards of auditing prescribed by the ICAI:


(a) Audit
More often than not, the time and qualitative attention that
auditors devote to plan the audit is inadequate. Audit planning must focus
categorically on the issue of various aspects of risk: Risks inherent to the
business are the most critical because they define what the risk framework
should be. Hitherto there has been a lack of focus on factors that could
significantly impact business continuity and these risks typically include the
main risks of business and governance failure. This risk summary will be a
critical document that needs to be updated at every stage of the audit because
new risks emerge as the auditor gains deeper insights into the business. The
auditor must discuss this list internally with the team and with all those who
are entrusted and charged with governance: the Board, the management, the audit
committee and the internal auditors at key stages of the audit to assess how
these risks are being addressed. These discussions must be documented in
a detailed manner such that the principle of ‘due care’ is established;


(b) Evaluating
the Corporate Governance Framework:
Assess the quality and
independence of the Corporate Governance Framework: Typical “red flags” include
a weak set of “independent directors” who typically do not stand up to discuss
potential risks to governance, internal auditors who structurally report to the
finance head, the presence of significant related party transactions,
reluctance to discuss incidents of fraud, ignoring whistleblower incidents…as a
result, the auditor is the only effective link in the entire corporate
governance structure.


(c) Paying
attention to the ‘Critical Audit Matters’ (CAM)
section at every stage
of the audit: Most often discussion on CAM happens in the later stages of
audit, an area that is, in the current context, the most effective line of
defence. Clients also demonstrate resistance to discuss CAM at the last minute,
exposing the auditor to serious risks.


(d) Evaluating
the Directors’ Report and MD&A:
These two sections are typically
areas of inadequate focus because they are made available only a couple of days
before audit sign off. It is critical to examine these two sections for
inadequacies in management reporting of business risks, key business developments
such as dealing with potential failures to meet loan repayment obligations,


(e) Making
effective use of Management Rep Letters:
It has been established time
and again that Rep Letters are not a critical line of defence and do not
substitute substantive audit verification tests that the auditor is required to
perform. However, ‘Minutes’ of discussions and explanations received from
Management serve as ideal “back up.” It is also common practice to discuss
Management Rep Letters with Audit Committees for the important representations
made by management. As a rule, auditors should expect Rep Letters to help only
in situations where no alternative sources of “comfort” exist or are available.
In such case too, auditors must consider drawing attention to important
representations made in the audit report by way of EoM or in extreme cases by
way of a “Qualification.”




While the primary
responsibility for the prevention and detection of fraud continues to rest with
management, auditors must accept the responsibility to adopt robust audit
procedures and ferret out “red flags” that are indicative of imminent failures
in governance, risk and even business. For example, significant erosion of
asset values due to ‘mark to market’ considerations should seriously bother the
auditor not only from an asset impairment perspective but from the ability of
the business to service external debt. Similarly, asset liability mismatches
that could seriously erode the confidence and comfort of lenders require
significant audit attention; this is the new reality that auditors must accept;


It is imperative for
auditors to get audit files and documentation on Public Interest Entity (PIE)
audits “cold reviewed” by an independent team before date of sign off. This
process involves time and must be ‘in-built’ into the time commitment made by
the auditor to the client on date of audit closure;


Management Discussion & Analysis (MD&A) and Board Reports are important documents
that the auditor should review before audit clearance since they communicate
what the management “holds out” in terms of what management perceives are the
key risks and how they are being dealt with… the structure of the 10K that
SEC Registrants file would be a good benchmark.


Non-audit services
proposed to be rendered should be subject to internal ‘risk clearances’ and
committee approvals to avoid any vulnerabilities that may arise in case a
serious fraud is detected and the question of auditor independence becomes the
subject matter of litigation.


Communications with
those charged with governance is as much a cultural issue as it is a technical
one. Special skills are necessary to structure these conversations such that
the auditor can establish to any regulatory authority that the auditors have
done all that was expected to be done.


